diff --git a/bin/hardening/99.1.1.23_disable_usb_devices.sh b/bin/hardening/99.1.1.23_disable_usb_devices.sh index b3b50c6..000888b 100755 --- a/bin/hardening/99.1.1.23_disable_usb_devices.sh +++ b/bin/hardening/99.1.1.23_disable_usb_devices.sh @@ -26,6 +26,8 @@ FILE='/etc/udev/rules.d/10-CIS_99.2_usb_devices.sh' # This function will be called if the script status is on enabled / audit mode audit() { SEARCH_RES=0 + # if SC2086 is fixed (double quotes) instead of skipped, then shellcheck will complain that double quotes will prevent the loop (SC2066) + # shellcheck disable=SC2086 for FILE_SEARCHED in $FILES_TO_SEARCH; do if [ "$SEARCH_RES" = 1 ]; then break; fi if $SUDO_CMD test -d "$FILE_SEARCHED"; then diff --git a/lib/common.sh b/lib/common.sh index 9c91783..34a6fbe 100644 --- a/lib/common.sh +++ b/lib/common.sh @@ -148,5 +148,5 @@ div() { fi local _r=$(($1$_n / $2)) _r=${_r:0:-$_d}.${_r: -$_d} - echo $_r + echo "$_r" } diff --git a/lib/utils.sh b/lib/utils.sh index b7202b7..23dc710 100644 --- a/lib/utils.sh +++ b/lib/utils.sh @@ -11,6 +11,7 @@ has_sysctl_param_expected_result() { local SYSCTL_PARAM=$1 local EXP_RESULT=$2 + # shellcheck disable=SC2319 if [ "$($SUDO_CMD sysctl "$SYSCTL_PARAM" 2>/dev/null)" = "$SYSCTL_PARAM = $EXP_RESULT" ]; then FNRET=0 elif [ "$?" = 255 ]; then @@ -35,6 +36,7 @@ set_sysctl_param() { local SYSCTL_PARAM=$1 local VALUE=$2 debug "Setting $SYSCTL_PARAM to $VALUE" + # shellcheck disable=SC2319 if [ "$(sysctl -w "$SYSCTL_PARAM"="$VALUE" 2>/dev/null)" = "$SYSCTL_PARAM = $VALUE" ]; then FNRET=0 elif [ $? = 255 ]; then diff --git a/shellcheck/launch_shellcheck.sh b/shellcheck/launch_shellcheck.sh index cd34f73..ccbefd6 100755 --- a/shellcheck/launch_shellcheck.sh +++ b/shellcheck/launch_shellcheck.sh 
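Review bot: The unquoted `$FILES_TO_SEARCH` in the `for` loop of audit() undergoes pathname expansion as well as word splitting, and the new `# shellcheck disable=SC2086` makes that permanent instead of removing the cause. If the variable is only a space-separated list of directories (it is defined outside this hunk), a bash array satisfies both SC2086 and SC2066 without a suppression: `for FILE_SEARCHED in "${FILES_TO_SEARCH[@]}"; do`. If globbing is in fact intended, the added comment should say so, since it currently gives only the SC2066 conflict as the reason. The body of audit() continues outside the hunk.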
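Review bot: The `elif [ "$?" = 255 ]` branch in has_sysctl_param_expected_result can never be taken, and the added `# shellcheck disable=SC2319` silences the warning that reports exactly this. At that point `$?` is the exit status of the preceding `[ ... ]` comparison (0, 1 or 2), not of `sysctl`, so a failing `sysctl` call falls through to whatever branch follows outside the hunk and is presumably not distinguished from a value mismatch. Capture both results before testing, for example `SYSCTL_RC=0; SYSCTL_OUT=$($SUDO_CMD sysctl "$SYSCTL_PARAM" 2>/dev/null) || SYSCTL_RC=$?`, then compare `"$SYSCTL_OUT"` in the `if` and `"$SYSCTL_RC"` in the `elif`, and drop the directive. The same defect and the same suppression appear in the set_sysctl_param hunk (`elif [ $? = 255 ]`). Both functions continue outside their hunks.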
@@ -14,7 +14,8 @@ fi for f in $files; do if head "$f" | grep -qE "^# run-shellcheck$"; then printf "\e[1;36mRunning shellcheck on: %s \e[0m\n" "$f" - if ! /usr/bin/shellcheck --color=always --shell=bash -x --source-path=SCRIPTDIR "$f"; then + # SC2317: command unreachable, sometimes has a hard time reaching the command in a function + if ! /usr/bin/shellcheck --exclude=SC2317 --color=always --shell=bash -x --source-path=SCRIPTDIR "$f"; then retval=$((retval + 1)) fi fi diff --git a/tests/launch_tests.sh b/tests/launch_tests.sh index 4d55715..4dc317a 100755 --- a/tests/launch_tests.sh +++ b/tests/launch_tests.sh @@ -13,7 +13,7 @@ cleanup_and_exit() { if [ "$totalerrors" -eq 255 ]; then fatal "RUNTIME ERROR" fi - exit $totalerrors + exit "$totalerrors" } trap "cleanup_and_exit" EXIT HUP INT @@ -125,7 +125,7 @@ play_consistency_tests() { ok "$name logs are identical" fi - if [ 1 -eq $consist_test ]; then + if [ 1 -eq "$consist_test" ]; then nbfailedconsist=$((nbfailedconsist + 1)) listfailedconsist="$listfailedconsist $(make_usecase_name "$usecase" consist)" fi
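Review bot: Passing `--exclude=SC2317` on the shellcheck command line disables the unreachable-command check for every script carrying the `# run-shellcheck` marker, not only for the functions where it misfires. In a set of hardening scripts, a genuinely unreachable command (for example a check placed after an early `return` or `exit`) would then pass lint unnoticed. A scoped `# shellcheck disable=SC2317` directive above each affected function, in the same way this commit handles SC2086 and SC2319, keeps the check active elsewhere. The `for f in $files` loop closes outside the hunk.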
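Review bot: Quoting in `exit "$totalerrors"` in cleanup_and_exit does not change the fact that the shell truncates exit statuses to 8 bits, so a count of 256 exits with status 0 and the run looks successful. A count of exactly 255 is also indistinguishable from the "RUNTIME ERROR" sentinel tested just above. If totalerrors is a running count of failed tests (it is computed outside this hunk), clamp it after the 255 check and before the exit, e.g. `if [ "$totalerrors" -gt 254 ]; then totalerrors=254; fi`.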